by Joerg Sieber
“How do you eat an elephant?”
“One bite at a time!”
Remember the old saying? It holds true. But what if the elephant grows every time you take a bite, as is the case in today’s IT and security world?
Every time a data analyst takes a bite out of big data, more data appears, resulting in a complete overload of information to the point where analysis paralysis sets in. Data from network operations, data from your firewalls, data from your mobile security solution, data from endpoints… it all keeps streaming in. Security professionals today are dealing with a world where data literally clogs up the analysis pipeline, making it useless beyond belief. According to Goldman Sachs, 90 percent of the world’s data has been created in the last two years. And the influx of data is not slowing down any time soon.
Add to this the fact that the security industry is facing a skilled employee shortage like never before. The number of threats is growing and those threats are becoming more sophisticated. The number of security solutions to counter those threats is also growing, but the number of qualified data analysts is not increasing at nearly the same pace. Even if it were keeping pace, not many companies have the financial strength to hire the appropriate number of security analysts to stay on top of their security networks. Industry analyst firm Gartner predicts that by the end of this year, Western economies will report a 50 percent increase in unfilled digital technology jobs, such as data scientists, resulting in a major shortage of threat researchers and analysts in the hiring pool.
Other than training more security specialists, which could take years, the only answer to this dilemma appears to be better threat analysis capabilities and meaningful automated correlation of data across your network. The most effective security solutions of today and tomorrow include powerful threat analysis capabilities that can collect data from all your sources and automatically cut through the noise of terabytes of data to present you with the most relevant data in a form that is manageable and actionable. Integrating technologies and automatically correlating data are the key here.
How do you pick the right platform? Ask yourself the following three questions:
- How integrated is your security network? Just because you purchased your solutions from a single vendor doesn’t mean the solution is integrated, or effective. If you are dealing with multiple user interfaces, different reporting engines, and multiple data streams to analyze, your solution is not integrated. Consider cutting down the number of data sources and data streams.
- How useful is the information presented to you in dashboards and reports? Take a look at the dashboards you are using. Do they provide you with the data needed for you to jump into action and improve the security of your network? If not, search for a solution that may provide you with more meaningful data.
- Can your solution correlate information from different areas of your network? Many of today’s threats and applications use components of Web, endpoint, email, or other vectors to attack your network. Can your solution combine threat indicators from different areas of your network to provide you with a consolidated picture of a threat? If not, consider shopping around for a better solution.
It’s time to cut back on the noise in your network and focus on important threats. Go ahead, take a bite out of that elephant, but stop the elephant from growing at the same time.